430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Cyber Crime

WireLurker malware is threatening Apple mobile devices

Security Experts at Palo Alto Networks have discovered a new variant of malware dubbed WireLurker that is infecting Apple mobile devices. A new strain of malware dubbed WireLurker  is threatening Apple users, the malicious code is able to infect Apple iPhone and iPad syphoning user’data. The malware was discovered for the first time by experts […]

WireLurker malware is threatening Apple mobile devices

Security Experts at Palo Alto Networks have discovered a new variant of malware dubbed WireLurker that is infecting Apple mobile devices.

A new strain of malware dubbed WireLurker  is threatening Apple users, the malicious code is able to infect Apple iPhone and iPad syphoning user’data.

The malware was discovered for the first time by experts at Palo Alto Networks that revealed it exhibited behavior that had never been seen before malware targeting Apple mobile devices. The company estimates several hundred thousand Apple users have been already infected by WireLurker.

The malware in a first stage infects a host (desktop or laptop) which downloaded the malicious software from the web, then it waits for an Apple device (i.e. iPhone or iPad) to be connected via USB.

Once the Apple device is connected to the infected PC, WireLurker scans it analyzing the installed applications, then if a target app is present, it copies the app from the mobile device to the host, infects it and then install it again on the mobile unit.

The experts discovered that WireLurker only collect data from the compromised device, but, to date, no other malicious activity has been observed. The following graph shows detections of the WireLurker malware made by expert at Kaspersky Lab on OSX.

WireLurker malware Kaspersky

 

The experts at Palo Alto Networks expressed their concerns in the official blog post on the WireLurker malware:

“We believe that this malware family heralds a new era in malware attacking Apple’s desktop and mobile platforms based on the following characteristics:”

  • Of known malware families distributed through trojanized / repackaged OS X applications, it is the biggest in scale we have ever seen
  • It is only the second known malware family that attacks iOS devices through OS X via USB
  • It is the first malware to automate generation of malicious iOS applications, through binary file replacement
  • It is the first known malware that can infect installed iOS applications similar to a traditional virus
  • It is the first in-the-wild malware to install third-party applications on non-jailbroken iOS devices through enterprise provisioning

Apple mobile devices are becoming a privileged target of cybercriminals due to the large number of devices worldwide and the lack of security measured installed by the Apple users.

The infection was spread initially through several hundreds apps offered via Maiyadi, a third-party Chinese software website .

“WireLurker was used to trojanize 467 OS X applications on the Maiyadi App Store, a third-party Mac application store in China. In the past six months, these 467 infected applications were downloaded over 356,104 times and may have impacted hundreds of thousands of users.” states the post.

WireLurker primarily targets Apple devices that have been “jailbroken” and that result vulnerable because users had disabled some security feature to run certain apps.

Experts also detected a strain of WireLurker that targets iPhones and carries an Apple digital certificate, but that version needs user approval to be executed.

The instance of WireLurker detected also targets popular Chinese apps like Taobao, Alipay or Meitu.

Apple has blocked the apps that could be used by threat actor to propagate the infection.

Pierluigi Paganini

Security Affairs –  (WireLurker, malware)